Source: php-laravel-framework
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for php-laravel-framework.

CVE-2025-27515[0]:
| Laravel is a web application framework. When using wildcard
| validation to validate a given file or image field (`files.*`), a
| user-crafted malicious request could potentially bypass the
| validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.

https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4
https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5 (v12.1.1)

There are also two other security issues affecting sid/trixie and which are already fixed in experimental:
https://security-tracker.debian.org/tracker/CVE-2024-13918
https://security-tracker.debian.org/tracker/CVE-2024-13919

So possibly trixie should be moved to 11.44.1 unless it's a very breaking change between 10 and 11?

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-27515
    https://www.cve.org/CVERecord?id=CVE-2025-27515

Please adjust the affected versions in the BTS as needed.